[57] ABSTRACT

A technique verifies the presence of a user to applications stored on a distributed network system utilising a single password. The technique generally comprises computing a one-way hash value of the password that is initially provided by the user to a workstation during a login procedure. This initial hash value is stored by the workstation so that it may be readily accessible for authenticating the user to other applications of the system. These other applications query the user as to its identity by issuing an operating system application programming interface (API) call that specifies, e.g., "quiz user for password". The API call invokes a routine that requests the user's password and, in response to that password, hashes it and compares the resulting hash value with the stored hash value. If the values match, the user is reliably authenticated.
USER PRESENCE VERIFICATION WITH SINGLE PASSWORD ACROSS APPLICATIONS

FIELD OF THE INVENTION

This invention relates generally to distributed data processing systems and, more specifically, to a technique for verifying the presence of a user to various services and applications in a distributed network system.

BACKGROUND OF THE INVENTION

A distributed network system typically includes various computer nodes interconnected by a communications medium. The computer nodes may include nodes that are directly accessed by users, e.g., workstations, and nodes running specialized applications, e.g., servers. These nodes, the applications running on these nodes, and the users of the distributed system may be referred to as "principals." The methodology employed to reliably verify the identity of a user of a distributed network system prior to allowing the user access to system resources and applications is referred to as authentication. Authentication is generally performed on behalf of the principals.

In a typical distributed network system, the user sends a password to each application running on a remote node in order to access its resources. If the password for each application is different, remembering the password and its associated application may be rather difficult and unpleasant. The user could simply set each password for each application to the same value, but this presents the problem that if the user changes one password and forgets to change the others, the passwords will diverge.

On the other hand, if the user has the same password for all applications, the local application with which the user "logs-in" typically saves the entered password and automatically sends it to remote applications as needed. This type of remote authentication is susceptible to a password-based system threat known as eavesdropping, i.e., interception of the password by wiretapping the network. To counter such a threat, cryptography is often used to preserve the confidentiality of the transmitted password when authenticating the user to remote applications.

A well-known cryptographic technique used to perform remote authentication is public key cryptography. In this method of secure communication, each principal has a public encryption key and a private encryption key, and two principals can communicate knowing only each other's public keys and, of course, their own private keys. An encryption key is a code or number which, when taken together with an encryption algorithm, defines a unique transformation used to encrypt or decrypt data. A public key system may be used in such a way as to ensure that information being transmitted cannot be understood by an eavesdropper, as well as to ensure the authenticity of the sender of the information.

The manner in which a public key cryptography system operates to ensure authentication may be understood without reference to the mathematical transformations that are used for encryption and decryption. Public key cryptography is also referred to as "asymmetric" encryption because information encoded with a public key may be decoded only by using a complementary private key, the associated public and private keys defining a key pair. According to this type of encryption, the private key is known only to the owner of the key, while the public key is known to other principals in the system.

Accordingly, to effect a secure transmission of information to a recipient, a principal encodes ("encrypts") the information with the recipient's public key. Since only the intended recipient has the complementary private key, only that principal can decode ("decrypt") it. On the other hand, to prove to a recipient of information that the sender is who he purports to be, the sender encodes ("signs") the information with its private key. If the recipient can decode ("verify") the information, it knows that the sender has correctly identified itself. In public key cryptography, each principal is responsible for knowing its own private key, and all the public keys are generally accessible from one location, typically a directory service (DS).

Operation of a public key cryptography system will now be described with reference to an illustrative login authentication exchange between a workstation, acting on behalf of a user, and a remote server. Basically, the workstation encrypts a message for confidentiality by performing a transformation using the server's public key, and a server decrypts the message by performing a transformation using its private key.

A user logs into the workstation with the user's password and the workstation derives a secret encryption key by applying a known hash algorithm to the password prior to deleting it. The workstation then requests the user's private key from a DS of the remote server. The user's private key has previously been encrypted under the same secret encryption key and stored as a credential of the directory. A credential is a table entry comprising the user's name and the user's private key; in other words the credential is a representation of the user in the computer. The remote server returns the encrypted private key to the workstation, which uses the secret key to decrypt and obtain the private key.

By demonstrating possession of the private key, the workstation may thereafter attempt to access distributed system-based services or applications on behalf of the user. For example, the user may attempt to log into a different workstation or server, attempt to access a different operating system or attempt to access applications such as Lotus Notes or Novell GroupWise. Each of these entities typically includes a component referred to as an authentication agent that maintains the user's identity and secret (e.g., password). Although the user has been generally authenticated on the network, these agents may not be aware of that authentication, and thus query the user for a password. This can consume considerable bandwidth and can be quite intrusive to the user, particularly in systems requiring users to be authenticated whenever a resource is accessed.

A known mechanism for solving this problem is a single sign-on mechanism. Here, a main application stores the secrets of the other applications and, in response to an inquiry from an application, provides the appropriate secret on behalf of the user. The user thus does not have to retype the secrets, as it is assumed that if the user has successfully logged into the main application, the workstation can access the secrets of the other applications and provide them to the applications on behalf of the user.

Specifically, a group of encrypted application secrets are associated with the user; this group of secrets is referred to as a "keychain". The keychain is assigned a public/private key pair, wherein all of the secrets of the keychain are encrypted with the public key and the private key for the keychain is encrypted with the user's password. When the user logs into the main application with its password, this password is used to decrypt the user's private keychain key. The workstation then forgets the password but keeps the private keychain key accessible. The encrypted application-specific secrets are decryptable with the private keychain key. An application-specific secret may thereafter be retrieved from the keychain and decrypted with the private keychain key.

Notably, for security reasons, the password used for log-
ging into the main application is not retained at the
workstation, primarily because malicious software could 
capture the password and use it to impersonate the user. 
When implemented in a straightforward way, however, the 
single sign-on mechanism precludes periodic quizzing of the 
user for a password. But there are instances, such as after a 
period of no activity from the user, when it may be useful to 
quiz the user for its password to ensure that it is indeed still 
the user. 

One approach to inquiring as to the user's identity
involves repeating the illustrative login exchange whenever 
the user is required to type a password. This is undesirable 
because the exchange typically involves communication 
with another computer (e.g., the DS server) and that server 
might be unavailable when attempting to verify the user's 
password. Another option is to assign an application the 
responsibility of quizzing the user for a password and further 
assign the application its own version of the password. This 
approach is also undesirable because if the user changes its 
main password, the two passwords will be different. 

The present invention avoids the disadvantages associated 
with these prior approaches and is directed to a technique for 
dynamically authenticating a user to various services and 
applications in a distributed network system. 

SUMMARY OF THE INVENTION 

The invention generally relates to a technique for verify- 
ing the presence of a user to applications stored on a 
distributed network system using a single password. Briefly, 
the technique generally comprises computing a one-way 
hash value of the password that is initially provided by the 
user to a workstation during a login procedure. This initial 
hash value is stored by the workstation so that it may be 
readily accessible for authenticating the user to other appli- 
cations of the system. These other applications query the 
user as to its identity by issuing an operating system appli- 
cation programming interface (API) call that specifies, e.g., 
"quiz user for password". The API call invokes a routine that 
requests the user's password and, in response to that 
password, hashes it and compares the resulting hash value 
with the stored hash value. If the values match, the user is 
reliably authenticated. 

In the illustrative embodiment of the invention, the user is 
associated with a "keychain" public/private key pair wherein 
the private keychain key is encrypted with the user's pass- 
word and application-specific secrets are encrypted with the 
public keychain key. During the login procedure, the user 
provides the password to the workstation where it is used to 
decrypt the user's private keychain key and to generate an 
initial hash value. The workstation then "forgets" the pass- 
word but, significantly, retains the hash value and private 
keychain key after the login procedure. The application- 
specific secrets are decrypted with the private keychain key 
and the retained hash value is used in conjunction with the 
API call, which is callable by any application, to inquire as 
to the identity of the user. In accordance with the invention, 
the user need only provide the main password in response to 
this inquiry. 

Advantageously, the inventive technique provides an additional level of security for dynamically authenticating a user after a login procedure by requiring the user to retype a password. This technique is particularly suited to certain security-sensitive operations or for situations where no typing activity has occurred after some predetermined time period.

BRIEF DESCRIPTION OF THE DRAWINGS 

The above and further advantages of the invention may be 
better understood by referring to the following description in 
conjunction with the accompanying drawings in which like 
reference numbers indicate identical or functionally similar 
elements: 

FIG. 1 is a diagram of a distributed network system in which the present invention may be used;

FIG. 2 is an exemplary embodiment of an authentication arrangement including a workstation and various servers that may be advantageously used in accordance with the invention;

FIG. 3 is a schematized block diagram of a secure authentication database residing on a network directory services; and

FIG. 4 is a flowchart illustrating the sequence of steps for dynamically verifying the presence of a user when authenticating the user to various services and applications in a distributed network system in accordance with the invention.

DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENT

FIG. 1 illustrates a distributed network system 100 that includes a plurality of computer nodes, such as user nodes 102a-n and various server nodes 104a-n, interconnected by a communications medium 106. The user node, e.g., a workstation 102a, is a computer generally configured for use by one user at a time, whereas each server 104 is a computer resource running specialized software applications and services, typically for use by many users. In general, each of the computer nodes includes memory means 108 for storing software programs (e.g., operating system and applications) and data structures associated with the cryptographic methods and techniques described herein. The nodes further include processor means 110 for executing the software programs, including various algorithms for generating numbers and codes associated with, e.g., passwords and message digests, and for manipulating the stored data structures. It will be apparent to those skilled in the art that other processor and memory means, such as encoding and decoding devices, may be used within the teachings of the invention to implement the cryptographic authentication methods and techniques described herein.

To access resources of the network 100, a user typically "logs-in" with a server node 104 configured as a directory service (DS) through the local workstation 102a, and then remotely authenticates itself to those resources. Specifically, the user provides an authorized user identity (e.g., a user name) and a user secret (e.g., a password) to an input/output device 112 of the workstation 102a and the workstation authenticates the login attempt using a login authentication exchange with the DS. Once authenticated, the user receives its private key, which the workstation 102a uses in subsequent authentication exchanges with remote principals, such as server nodes 104.

An exemplary embodiment of an authentication exchange arrangement 200 that may be used with the present invention is shown in FIG. 2. The arrangement includes a workstation
node 210, server nodes 202, a key generator server 218 and a certification authority 220. In general, the workstation node 210 provides an interface to a user when accessing specialized applications executing on the server nodes 202. The key generator 218 is an example of such a specialized server application that is used to register a user in the system by creating an account that includes the user's identity and secret (password). The key generator 218 also creates a private/public key pair for aspects of the present invention described below and, thus, must operate in a trustworthy fashion. That is, the generator must choose private/public key pairs at random and must either generate or accept from the users the keys or the passwords used to encrypt or decrypt data. Further, in most implementations, the key generator must reliably communicate the generated public key to another specialized server application called the certification authority 220, so that it may cryptographically bind the public key and the user name in a signed "certificate". The certificate and the private key are then returned to the DS for storage with user information.

The workstation and server nodes may be further configured as a distributed authentication service 201 that automates an authentication exchange between a user interface 112 (hereinafter "user") and an application program 236. An example of a distributed authentication service suitable for use with the present invention is disclosed in copending and commonly-assigned U.S. patent application Ser. No. 08/617,940, titled System and Method for Automatically Authenticating a User in a Distributed Network System, filed on Mar. 15, 1996, which application is hereby incorporated by reference as though fully set forth herein.

Briefly, the distributed service 201 comprises an exchange controller 207 coupled to an authentication database 300 containing a group of encrypted application secrets associated with the user. The controller 207, in turn, comprises an application program interface (API) that is distributed among user workstations (i.e., workstation API 214) and the authentication database (i.e., the database API 206). Typically, the applications and operating systems resident in the memories of the nodes interact via task commands of the API layers to control the operations of the nodes. Illustratively, both the database API and authentication database reside in a network directory services (NDS) system.

The authentication database 300 is preferably a secure database containing groups of application secrets for predetermined application programs. Each group of application secrets, referred to as a "keychain", is assigned a public/private key pair by the key generator 218 when the keychain is created. The database 300 also contains user objects which associate a given user with one or more keychains. The database API 206 manages the authentication database 300 in response to task commands, such as queries, generated by workstation API 214.

FIG. 3 is a schematized block diagram of the authentication database 300 which contains three types of associated data elements configured as objects: a user object 302, one or more keychain objects 304a-n associated with user object 302, and one or more application objects 306a-n associated with each keychain object 304. Each object preferably contains a number of attributes.

For every valid network user, the attributes of user object 302 include a login public/private key pair and a secret. The user object 302 is accessed by the NDS to initially authenticate the user when the user logs onto the network. Each application object 306 includes (for an associated application program) a program name, a list of users that have authority to access the program, and an application program identifier (ID). The program name attribute is a unique descriptive term that identifies the application program. Keychain objects, or simply "keychains", are associated with one or more application objects based upon characteristics of the application programs. As noted, a keychain has as attributes at least one application secret and a public/private key pair; in the illustrative embodiment, the private keychain key is encrypted with the user's password and application-specific secrets are encrypted with the public keychain key. Each application-specific secret contains data used by the particular program to authenticate the user. The application secret is preferably the user's password for that program; however, it will be understood by those skilled in the art that the secret may be any type of secure identification mechanism.

Referring also to FIG. 2, application 236 issues an authentication inquiry to user 112 in response to an attempt by that user to access that application's processes or data. When the authentication inquiry is received at the controller, the workstation API 214 verifies that the user is a valid network client (i.e., has successfully logged-on and has been authenticated to the NDS) by requesting the proper application secret for application 236. In response to this latter request, the database API 206 accesses the authentication database 300 and provides an encrypted application secret along with the private key for decrypting the secret. The workstation API then decrypts and forwards the proper application secret (and user identity) to the application program.

Although this arrangement provides efficient authentication of a user to various application programs or systems in a distributed network without burdening the user or consuming considerable bandwidth, there may be instances when it is useful to quiz the user for its password to ensure that it is indeed still the user. The present invention is directed to a technique for dynamically verifying the presence of a user when authenticating the user to various services and applications in a distributed network system. In accordance with the invention, the technique comprises computing a one-way hash value of the password that is initially provided by the user to the workstation during the login procedure. This initial hash value is stored by the workstation so that it may be readily accessible for authenticating the user to other applications of the system. These other applications thereafter query the user as to its identity by issuing an API call that specifies, e.g., "quiz user for password", as described below.

FIG. 4 is a flowchart illustrating the sequence of steps for dynamically verifying the presence of a user when authenticating the user to various services and applications in a distributed network system. The sequence starts at Step 400 and proceeds to Step 402 where, during the login procedure at the workstation, the user enters the password which is used to decrypt the user's private keychain key. In Step 404 the workstation generates an initial hash value of the password and then, in Step 406, the workstation "forgets", i.e., deletes, the password, but retains the hash value and private keychain key after the login procedure. In Step 408, the user invokes application App1 using the distributed authentication service to decrypt and forward the proper application secret to App1, as described above.

Later, App1 inquires as to the identity of the user to ensure that the correct user is present at the workstation. Specifically, in Step 410, App1 issues a system API call that specifies, e.g., "quiz user for password". The API call, in turn, invokes a routine in Step 412 that requests the user's password. The user enters the password in Step 414 and, in response to the subsequently entered password, the routine hashes that password in Step 416. In Step 418, the resulting hash value is compared with the stored hash value to determine whether they match. If the values match, the user is reliably authenticated in Step 422; if there is no match, the dynamic authentication sequence is aborted (Step 420). The sequence then ends in Step 424.
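The FIG. 4 sequence, as an added example that is not part of the patent: a Python model of what the workstation retains after login (the initial hash value and the private keychain key, never the password) and how the "quiz user for password" call verifies presence. The salted PBKDF2 digest standing in for the "one-way hash", the HMAC-keystream wrapping standing in for the keychain's public/private key operations, the idle timer and all sample values are assumptions of this example, not details given in the patent.

```python
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERATIONS = 100_000  # slow enough to blunt guessing against a stolen hash


def derive_key(password: str, salt: bytes, purpose: bytes) -> bytes:
    """Salted, slow one-way hash of the password.  `purpose` keeps the value
    stored for presence checks distinct from the key that unwraps the keychain."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               purpose + salt, PBKDF2_ITERATIONS)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 counter-mode keystream XORed over data: an assumed stand-in
    for the patent's keychain encryption, so encrypt and decrypt are one call."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, block.to_bytes(4, "big"), "sha256").digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def enroll_user(password: str) -> tuple:
    """Registration as done by the key generator (218): pick a random private
    keychain key and encrypt it under a key derived from the user's password.
    The clear key is returned only so the demo can seed a keychain with secrets."""
    private_keychain_key = secrets.token_bytes(32)
    wrap_salt = os.urandom(16)
    wrap_key = derive_key(password, wrap_salt, b"keychain-wrap")
    return keystream_xor(wrap_key, private_keychain_key), wrap_salt, private_keychain_key


class Workstation:
    """Holds only what the patent says is retained after login (Steps 402-406):
    the initial hash value and the private keychain key, never the password."""

    def __init__(self, idle_limit_seconds: float = 600.0) -> None:
        self.idle_limit = idle_limit_seconds
        self._hash_salt = None
        self._initial_hash = None
        self._private_keychain_key = None
        self.last_activity = 0.0

    def login(self, password: str, wrapped_key: bytes, wrap_salt: bytes, now: float) -> None:
        wrap_key = derive_key(password, wrap_salt, b"keychain-wrap")
        self._private_keychain_key = keystream_xor(wrap_key, wrapped_key)
        self._hash_salt = os.urandom(16)
        self._initial_hash = derive_key(password, self._hash_salt, b"presence-check")
        self.last_activity = now
        # Step 406: the password is a local of this method; nothing keeps it.

    def needs_presence_check(self, now: float) -> bool:
        """True once no activity has been seen for the predetermined idle period."""
        return self._initial_hash is not None and now - self.last_activity >= self.idle_limit

    def quiz_user_for_password(self, entered: str, now: float) -> bool:
        """The "quiz user for password" call (Steps 410-422): hash the re-entered
        password and compare it, in constant time, with the stored initial hash."""
        if self._initial_hash is None or self._hash_salt is None:
            return False  # nobody is logged in, so there is nothing to compare
        subsequent_hash = derive_key(entered, self._hash_salt, b"presence-check")
        if not hmac.compare_digest(subsequent_hash, self._initial_hash):
            return False  # Step 420: no match, abort
        self.last_activity = now
        return True  # Step 422: user reliably authenticated

    def application_secret(self, wrapped_secret: bytes) -> bytes:
        """Step 408: decrypt an application-specific secret from the keychain
        with the retained private keychain key."""
        if self._private_keychain_key is None:
            raise RuntimeError("not logged in")
        return keystream_xor(self._private_keychain_key, wrapped_secret)


def demo() -> dict:
    """Walk the FIG. 4 sequence with constructed sample data."""
    wrapped_key, wrap_salt, keychain_key = enroll_user("correct-horse-battery")
    app_secret = keystream_xor(keychain_key, b"lotus-notes-password")  # constructed
    ws = Workstation(idle_limit_seconds=300)
    ws.login("correct-horse-battery", wrapped_key, wrap_salt, now=0.0)
    return {
        "secret": ws.application_secret(app_secret),
        "idle_at_100": ws.needs_presence_check(100.0),
        "idle_at_400": ws.needs_presence_check(400.0),
        "wrong": ws.quiz_user_for_password("wrong-guess", 400.0),
        "right": ws.quiz_user_for_password("correct-horse-battery", 400.0),
        "idle_after": ws.needs_presence_check(401.0),
    }
```

Because the stored value is a salted, slow digest rather than a raw hash, reading it out of workstation memory does not directly yield the password, and the constant-time comparison keeps a wrong guess from leaking how many bytes matched.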

Advantageously, the inventive technique provides an additional level of security for dynamically authenticating a user after a login procedure by requiring the user to retype a password. This technique is particularly suited to certain security-sensitive operations or for situations where no typing activity has occurred after some predetermined time period.

While there has been shown and described an illustrative embodiment for dynamically verifying the presence of a user when authenticating the user to various services and applications in a distributed network system, it is to be understood that various other adaptations and modifications may be made within the spirit and scope of the invention. For example, in an alternate embodiment of the invention, additional system software routines may be used when implementing the invention in various applications. These additional system routines include dynamic link libraries (DLL), which are program files containing collections of programming functions and routines designed to perform specific classes of operations. These functions are invoked as needed by the applications to perform the desired operations. Specifically, DLLs, which are generally well-known, may be used to interact with the various applications and services in the distributed system to provide authentication-specific operations and functions.

The foregoing description has been directed to specific embodiments of this invention. It will be apparent, however, that other variations and modifications may be made to the described embodiments, with the attainment of some or all of their advantages. Therefore, it is the object of the appended claims to cover all such variations and modifications as come within the true spirit and scope of the invention.

What is claimed is: 

1. A method for dynamically verifying presence of a user at a non-server station of a distributed network system when authenticating the user to various services and applications in the system, the method comprising the steps of:

A. entering a user password at the station during a login procedure for initially authenticating said user to begin a session;

B. generating an initial hash value of the password and storing, at said station, that initial hash value after the login procedure;

C. invoking, after beginning the session but prior to termination of the session, a first application using a distributed authentication service, the first application issuing a predetermined application programming interface (API) call that requests the user password;

D. entering the user password at the station in response to the API call and generating a subsequent hash value of the user password;

E. comparing at said station, the subsequent hash value with the initial hash value; and

F. verifying the presence of the user if the hash values match.

2. The method of claim 1 further comprising, after Step A, 
the steps of: 

decrypting an encrypted private keychain key of the user with the password; and

deleting the password.

3. The method of claim 2 further comprising, after Step B, 
the step of retaining the private keychain key. 

4. The method of claim 3 wherein Step C further com- 
prises the steps of: 

decrypting an application secret associated with the first 
application; and 

forwarding the decrypted application secret to the first 
application. 

5. The method of claim 4 wherein the predetermined API 
call specifies "quiz user for password". 

6. The method of claim 1 further comprising, after Step F, 
the step of aborting authentication of the user to various 
services and applications in the system if there is no match. 

7. Apparatus for dynamically verifying presence of a user 
at a non-server node of a network, the apparatus comprising: 

a user input device for receiving a first entry and a 
subsequent entry of a password from the user, said first 
entry being for initially authenticating the user at said 
node to begin a session, and said subsequent entry 
being for authenticating said user after said session has 
begun but prior to termination of said session; 

a processor operably connected to the input device and 
programmed to generate an initial hash value corre- 
sponding to the password; and 

a memory device operably connected to the processor for 
storing the initial hash value and an application pro- 
gramming interface executable by the processor to 
request the subsequent entry of the password; 

the processor being further programmed to generate a 
subsequent hash value corresponding to the subsequent 
entry of the password and to compare the subsequent 
hash value with the initial hash value to dynamically 
verify the presence of the user at the node; 

wherein the processor and the memory device are located 
at said node. 

8. The apparatus of claim 7 wherein the memory device is further configured to store a private keychain key encrypted in a format that is decryptable using the password.

9. The apparatus of claim 8 wherein the memory device 
is further configured to retain the private keychain key. 

10. The apparatus of claim 9 wherein the memory device 
is further organized as a data structure containing an 
encrypted secret associated with an application effective to 
invoke the application programming interface and a private 
key for decrypting the secret. 

11. The apparatus of claim 10 wherein the encrypted 
secret comprises a secure identification mechanism. 

12. A memory device containing data structures for use in 
dynamically verifying presence of a user at non-server node 
of a network, comprising: 

a password structure adaptable to be input by said user for 
use in initially authenticating said user to begin a 
session; 

an initial hash structure for being stored at said node and 
corresponding to the password structure; 

an application adapted to use a distributed authentication service and to use an application programming interface effective to be executed by a processor located at said node to request, after said session has begun but prior to termination of the session, a new instance of the password structure to be input by the user;

a subsequent hash structure generated by the processor and corresponding to the new instance of the password structure; and

a verification executable effective to be executed by the processor to compare the initial hash structure with the subsequent hash structure in order to determine whether said user is present at said node.

13. The memory device of claim 12 wherein the data structures further comprise a user object structure configured to associate the user with a keychain object structure.

14. The memory device of claim 13 wherein the keychain 
object structure comprises an application secret and a private 
keychain key encrypted to be decrypted by the password 
structure. 

15. The memory device of claim 14 wherein the applica- 
tion secret contains data used by the application to authen- 
ticate the user. 